Legal claims defining the scope of protection, as filed with the USPTO.
1. A method of inhibiting denial of service attacks based on consumption of processor capacity at a node in a peer-to-peer network, comprising: receiving a potentially malicious message at the node in the peer-to-peer network; wherein the potentially malicious message comprises a RESOLVE message, the RESOLVE message comprising at least one message field; examining processor capacity at the node; and rejecting processing of the potentially malicious RESOLVE message when examining the processor capacity at the node indicates that the consumption of processor capacity at the node is above a predetermined level, wherein rejecting processing of the potentially malicious RESOLVE message comprises sending an AUTHORITY message, the AUTHORITY message containing an indication that the potentially malicious RESOLVE message will not be processed because the consumption of processor capacity at the node is above the predetermined level; and accepting processing of the RESOLVE message when examining the node processor capacity indicates that the consumption of processor capacity at the node is below the predetermined level, and processing the RESOLVE message at the node.
2. The method of claim 1, further comprising: calculating a bitpos as a hash of the at least one message field when a first node identification is not locally registered; setting a first bit at an index of a bit vector, the index of the bit vector corresponding to the bitpos; storing the bit vector at the node, the bit vector specifically identifying the RESOLVE message with a sending node; finding a next hop to forward the RESOLVE message; modifying the RESOLVE message to indicate processing the RESOLVE message; and forwarding the RESOLVE message to the next hop if the next hop is verified.
3. The method of claim 1, wherein the indication that the RESOLVE message will not be processed comprises a set AF_REJECT_TOO_BUSY field.
4. A computer-readable storage medium having computer-executable instructions for inhibiting denial of service attacks based on consumption of processor capacity at a node in a peer-to-peer network, the computer-executable instructions comprising instructions for: receiving a potentially malicious message at the node in the peer-to-peer network; wherein the potentially malicious message comprises a RESOLVE message, the RESOLVE message comprising at least one message field; examining processor capacity at the node; rejecting processing of the potentially malicious message when examining the processor capacity at the node indicates that the consumption of processor capacity at the node is above a predetermined level, wherein rejecting processing of the potentially malicious message comprises sending an AUTHORITY message, the AUTHORITY message containing an indication that the potentially malicious message will not be processed because the consumption of processor capacity at the node is above the predetermined level; and accepting processing of the RESOLVE message when examining the processor capacity at the node indicates that the consumption of processor capacity at the node is below the predetermined level.
5. The computer-readable storage medium of claim 4, wherein the indication that the RESOLVE message will not be processed comprises a set AF_REJECT_TOO_BUSY field.
6. The computer-readable storage medium of claim 4, further comprising: processing the RESOLVE message; converting the RESOLVE message to a RESPOND message when another node identification is locally registered at the node; and sending the RESPOND message to the other node.
7. The computer-readable storage medium of claim 4, further comprising: processing the RESOLVE message at the node; calculating a bitpos as a hash of the at least one message field when a second node identification is not locally registered; setting a first bit at an index of a bit vector, the index of the bit vector corresponding to the bitpos; storing the bit vector at the node, the bit vector specifically identifying the RESOLVE message with the second node; finding a next hop to forward the RESOLVE message; modifying the RESOLVE message to indicate processing the RESOLVE message; and forwarding the RESOLVE message to the next hop if the next hop is verified.
8. The computer-readable storage medium of claim 7, further comprising: setting a second bit in the RESOLVE message when the next hop is not verified; and forwarding the RESOLVE message to the next hop; wherein the second bit comprises a request to identify the ownership of the RESOLVE message.
9. A method of inhibiting denial of service attacks based on consumption of processor capacity at a node in a peer-to-peer network, comprising: receiving a potentially malicious message at the node in the peer-to-peer network; wherein the message is a FLOOD message, the FLOOD message containing a peer address certificate (PAC); determining that the PAC should be stored in a cache at the node; examining processor capacity at the node; and rejecting processing of the potentially malicious message when examining the processor capacity at the node indicates that the consumption of processor capacity at the node is above a predetermined level, wherein rejecting processing of the potentially malicious message comprises sending an AUTHORITY message, the AUTHORITY message containing an indication that the potentially malicious message will not be processed because the consumption of processor capacity at the node is above the predetermined level.
10. The method of claim 9, wherein receiving a message at the node in the peer-to-peer network further comprises: determining that the PAC should be stored in one of two lowest cache levels at the node; wherein rejecting processing of the message when examining the processor capacity at the node indicates that the consumption of processor capacity at the node is above the predetermined level comprises placing the PAC in a node set aside list for later processing.
11. The method of claim 10, further comprising processing the PAC in the node set aside list at a random interval, if, during the random interval, the consumption of processor capacity at the node is below the predetermined level.
12. The method of claim 9, wherein receiving the message at the node in the peer-to-peer network further comprises determining that the PAC should be stored in a node cache level higher than two lowest cache levels at the node, and wherein rejecting processing of the message when examining the processor capacity at the node indicates that the consumption of processor capacity at the node is above the predetermined level comprises rejecting the FLOOD message.
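The load-based admission logic recited in claims 1, 2, 6 and 9 to 12 can be sketched as follows. This is an added illustration, not code from the patent or from any implementation of it. The threshold value, SHA-256 as the hash, the bit-vector size, the numeric value of AF_REJECT_TOO_BUSY, the cache-level numbering and all class and method names are assumptions; next-hop verification and the random-interval timer are left to the caller.

```python
import hashlib
from dataclasses import dataclass, field

CPU_LIMIT = 0.80           # assumed "predetermined level"; the claims give no value
BITVECTOR_BITS = 256       # assumed bit-vector size
AF_REJECT_TOO_BUSY = 0x01  # flag name from claim 3; the numeric value is assumed

@dataclass
class Node:  # hypothetical model of one peer
    cpu_load: float                                # 0.0-1.0, from an assumed load probe
    local_ids: set = field(default_factory=set)    # identifications registered locally
    bitvec: int = 0                                # bit vector of pending RESOLVEs
    set_aside: list = field(default_factory=list)  # deferred PACs (claim 10)

    def busy(self):
        # "Above the predetermined level"; the equal case is an assumption.
        return self.cpu_load > CPU_LIMIT

    def on_resolve(self, target_id, msg_field: bytes):
        if self.busy():
            # Refuse before any hashing or routing work is spent on the message.
            return ("AUTHORITY", AF_REJECT_TOO_BUSY)
        if target_id in self.local_ids:
            return ("RESPOND", target_id)          # claim 6
        digest = hashlib.sha256(msg_field).digest()
        bitpos = int.from_bytes(digest[:4], "big") % BITVECTOR_BITS
        self.bitvec |= 1 << bitpos                 # remember the RESOLVE (claim 2)
        return ("FORWARD", bitpos)

    def on_flood(self, pac, cache_level: int):
        if not self.busy():
            return ("CACHE", pac)
        if cache_level <= 1:                       # two lowest levels, numbered 0 and 1 here
            self.set_aside.append(pac)             # keep for later processing (claim 10)
        return ("AUTHORITY", AF_REJECT_TOO_BUSY)   # claim 9 rejection

    def drain_set_aside(self):
        # Intended to be called at a random interval (claim 11); deferred PACs
        # are released only if load has dropped below the limit.
        if self.busy():
            return []
        done, self.set_aside = self.set_aside, []
        return done
```
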
Unknown
May 18, 2010